Some people find H3C router SSH configuration difficult. Here are simple steps you can follow to configure your router easily.

What is SSH?

Secure Shell (SSH) is a protocol that provides a secure remote access connection to network devices. Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. Use SSH version 2 whenever possible because it uses a stronger encryption algorithm.

Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH can implement secure remote access and file transfer over an insecure network. Adopting the typical client/server model, SSH can establish a channel to protect data transfer based on TCP. SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are not compatible. SSH2 is better than SSH1 in performance and security. The device can work as an SSH server to provide services to SSH clients, and can work as an SSH client to allow users to establish SSH connections with a remote SSH server. When acting as an SSH server, the device supports SSH2 and SSH1. When acting as an SSH client, the device supports SSH2 only.

The device supports the following SSH applications:

· Secure Telnet: Stelnet provides secure and reliable network terminal access services. Through Stelnet, a user can securely log in to a remote server. Stelnet can protect devices against attacks, such as IP spoofing and plain text password interception. The device can act as an Stelnet server or an Stelnet client.

· Secure File Transfer Protocol: SFTP, based on SSH2, uses SSH connections to provide secure file transfer. The device can serve as an SFTP server, allowing a remote user to log in to the SFTP server for secure file management and transfer. The device can also serve as an SFTP client, enabling a user to log in from the device to a remote device for secure file transfer.

· SCP: Based on SSH2, SCP offers a secure approach to copying files. The device can act as an SCP server, allowing a user to log in to the device for file upload and download. The device can also act as an SCP client, enabling a user to log in from the device to a remote server for secure file transfer.


Requirement: The Cisco IOS image used must be a k9 (crypto) image in order to support SSH. For example, c3750e-universalk9-tar.122-35.SE5.tar is a k9 (crypto) image.

How SSH works

This section uses SSH2 as an example to list the stages involved in secure session establishment between an SSH client and an SSH server. For more information about these stages, see SSH Technology White Paper.

Table 1 Stages involved in secure session establishment

| Stages | Description |
| --- | --- |
| Connection establishment | The SSH server listens to the connection requests on port 22. After a client initiates a connection request, the server and the client establish a TCP connection. |
| Version negotiation | The two parties determine a version to use after negotiation. |
| Algorithm negotiation | SSH supports multiple algorithms. Based on the local algorithms, the two parties determine the key exchange algorithm for generating session keys, the encryption algorithm for encrypting data, the public key algorithm for digital signature and authentication, and the HMAC algorithm for protecting data integrity. |
| Key exchange | The two parties use the DH exchange algorithm to dynamically generate the session key for protecting data transfer and the session ID for identifying the SSH connection. In this stage, the client authenticates the server as well. |
| Authentication | The SSH server authenticates the client in response to the client’s authentication request. |
| Session request | After passing the authentication, the client sends a session request to the server to request the establishment of a session (or request the Stelnet, SFTP, or SCP service). |
| Interaction | After the server grants the request, the client and the server start to communicate with each other in the session. In this stage, you can paste commands in text format and execute them at the CLI. The text pasted at one time must be no more than 2000 bytes. H3C recommends that you paste commands in the same view. Otherwise, the server might not be able to correctly execute the commands. To execute commands of more than 2000 bytes, save the commands in a configuration file, upload it to the server through SFTP, and use it to restart the server. |
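
The version negotiation stage can be observed in the identification line each side sends right after the TCP connection is established (RFC 4253, sections 4.2 and 5.1). The following is an added example, not part of the original page: it parses that line and reports whether a server still offers SSH1. The banner strings, host names and function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Constructed sample data: bytes a client might read first from three servers.
SAMPLE_BANNERS = {
    "device-a": b"SSH-2.0-ExampleServer_1.0\r\n",
    "device-b": b"Authorized use only\r\nSSH-1.99-ExampleServer_1.0\r\n",
    "device-c": b"SSH-1.5-ExampleServer_0.9\n",
}

def find_ident(raw: bytes) -> str:
    """Return the identification line; a server may send other lines before it."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            if len(line) + 2 > 255:  # the 255-byte limit includes CR LF
                raise ValueError("identification string too long")
            return line.decode("ascii", errors="replace")
    raise ValueError("no SSH identification string found")

def classify(raw: bytes) -> dict:
    """Parse the banner and report which protocol versions the peer offers."""
    m = IDENT_RE.match(find_ident(raw))
    if m is None:
        raise ValueError("malformed identification string")
    proto = m.group("proto")
    if proto == "2.0":
        offers = "SSH2 only"
    elif proto == "1.99":  # RFC 4253 section 5.1: SSH2 server in SSH1-compatible mode
        offers = "SSH2 and SSH1"
    elif proto.startswith("1."):
        offers = "SSH1 only"
    else:
        offers = "unknown"
    return {"proto": proto, "software": m.group("software"),
            "offers": offers, "ssh1_offered": "SSH1" in offers}

def ssh1_hosts(banners: dict) -> list:
    """Names of hosts whose banner shows SSH1 is still offered."""
    return sorted(h for h, raw in banners.items() if classify(raw)["ssh1_offered"])

if __name__ == "__main__":
    for host, raw in SAMPLE_BANNERS.items():
        print(host, classify(raw))
    print("SSH1 still offered by:", ssh1_hosts(SAMPLE_BANNERS))
```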

How to configure the H3C router

1. When a user logs in to the switch using SSH, the switch authenticates the user with a password. Generate an RSA and a DSA key pair:
[H3C]public-key local create rsa
[H3C]public-key local create dsa
2. Set the authentication mode on the user interface to AAA and let the user interface support the SSH protocol:
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme
[H3C-ui-vty0-4]protocol inbound ssh
3. Create the user luwenju-juzi, set the authentication password to luwenju-!@#, set the login protocol to SSH, and set the command level that can be accessed to 3:
[H3C]local-user luwenju-juzi
[H3C-luser-luwenju-juzi]password cipher luwenju-!@#
[H3C-luser-luwenju-juzi]service-type ssh level 3
4. Specify password as the authentication mode for the user luwenju-juzi:
[H3C]ssh user luwenju-juzi authentication-type password
The basic SSH configuration is now complete. After the configuration is complete, you can use an SSH login tool to connect to the switch.
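
To confirm that the VTY settings from step 2 are actually in place, the saved configuration can be checked offline. The following is an added example, not part of the original page or of H3C's tooling: it assumes the configuration text lists each section header at column 0 with its commands indented beneath it, and the sample excerpt and function names are constructed for illustration.

```python
# Constructed excerpt; assumption: section headers start at column 0 and
# the commands that belong to a section are indented beneath it.
SAMPLE_CONFIG = """\
#
local-user luwenju-juzi
 service-type ssh level 3
#
user-interface vty 0 1
 authentication-mode scheme
 protocol inbound ssh
#
user-interface vty 2 4
 authentication-mode password
 protocol inbound telnet
#
"""

def vty_sections(config: str) -> dict:
    """Map each 'user-interface vty ...' header to its indented commands."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith("user-interface vty"):
            current = line.strip()
            sections[current] = []
        elif current and line.startswith(" "):
            sections[current].append(line.strip())
        else:
            current = None  # any other line ends the current VTY section
    return sections

def audit_vty(config: str) -> list:
    """Return (section, finding) pairs for VTY lines that differ from step 2."""
    findings = []
    for name, cmds in vty_sections(config).items():
        auth = next((c.split()[1] for c in cmds if c.startswith("authentication-mode ")), None)
        proto = next((c.split()[2] for c in cmds if c.startswith("protocol inbound ")), None)
        if auth != "scheme":
            findings.append((name, f"authentication-mode is {auth or 'not set'}, expected scheme"))
        if proto != "ssh":
            findings.append((name, f"protocol inbound is {proto or 'not set'}, expected ssh"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```

A VTY range that still accepts Telnet or uses a line password instead of AAA is reported even when other ranges are configured correctly.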